Phoenician, LLC

Loading

Phoenician, LLC

Privacy Policy

Effective Date: July 6, 2025
Last Updated: July 6, 2025

Introduction

At Phoenician Technology, LLC (“Phoenician,” “we,” “us,” or “our”), we are committed to protecting the privacy and security of your personal information. As a provider of enterprise-grade municipal technology solutions, including Unified Data Layer (UDL) architecture, utility billing systems, and Computerized Maintenance Management Systems (CMMS), we understand the critical importance of maintaining the confidentiality and integrity of data entrusted to us by our municipal and government clients.

This Privacy Policy explains how we collect, use, disclose, and protect your information when you interact with our services, visit our website, or engage with our cloud-based solutions. This policy applies to all users of our services, including municipal employees, contractors, vendors, and any individuals whose data may be processed through our platforms.

Information We Collect

Categories of Personal Information

Directly Provided Information:

  • Contact Information: Name, email address, phone number, job title, organization, mailing address
  • Account Information: User credentials, login information, security questions and answers
  • Professional Information: Government agency affiliation, department, role, authorization levels
  • Communication Data: Messages, support requests, feedback, and correspondence with our team

Automatically Collected Information:

  • Technical Data: IP address, browser type and version, device identifiers, operating system information
  • Usage Data: Pages visited, features accessed, time spent on platform, click patterns, session recordings
  • Performance Data: System performance metrics, error logs, diagnostic information
  • Location Data: General geographic location based on IP address (not precise geolocation)

Information from Third Parties:

  • Integration Data: Information received from municipal systems such as Workday ERP, Invoice Cloud, ArcGIS Enterprise, Caselle, Matrix, and Harmony systems
  • Vendor Information: Data from business partners and service providers necessary for system integration
  • Public Records: Publicly available information relevant to municipal operations

Municipal Data Processing

As a provider of municipal technology solutions, we process various categories of information on behalf of our government clients, including:

  • Citizen Data: Utility account information, billing records, service requests, permit applications
  • Municipal Operations Data: Asset management records, work orders, maintenance schedules, infrastructure data
  • Financial Data: Billing information, payment records, budget data, procurement information
  • Employee Data: Municipal staff information necessary for system access and operations

How We Use Your Information

Service Provision and Operations

  • Platform Delivery: Providing access to and functionality of our UDL, utility billing, and CMMS platforms
  • Account Management: Creating and maintaining user accounts, managing permissions and access controls
  • Technical Support: Responding to support requests, troubleshooting issues, providing user assistance
  • System Integration: Facilitating data exchange between municipal systems and our platforms

Security and Compliance

  • Access Control: Implementing role-based access controls and multi-factor authentication
  • Audit Logging: Maintaining comprehensive logs of system activities for compliance and security monitoring
  • Data Protection: Implementing encryption, backup procedures, and disaster recovery measures
  • Regulatory Compliance: Ensuring compliance with government data protection requirements and municipal regulations

Business Operations

  • Service Improvement: Analyzing usage patterns to enhance platform functionality and user experience
  • Communication: Sending service updates, security notifications, and important announcements
  • Legal Compliance: Meeting contractual obligations and legal requirements
  • Business Continuity: Maintaining service availability and operational resilience

Legal Basis for Processing

Our legal basis for processing personal information includes:

  • Contractual Necessity: Processing required to fulfill our service agreements with municipal clients
  • Legal Obligation: Compliance with applicable laws, regulations, and government requirements
  • Legitimate Interest: Pursuing legitimate business interests such as security, fraud prevention, and service improvement
  • Consent: Where explicitly provided for specific processing activities

Information Sharing and Disclosure

Municipal Clients

We share information with our municipal clients as necessary to provide contracted services and maintain system functionality. This includes data processed through our platforms and technical information required for municipal operations.

Service Providers and Vendors

We may share information with trusted third-party service providers who assist in delivering our services, including:

  • Cloud Infrastructure Providers: AWS and other cloud service providers for hosting and data storage
  • Integration Partners: Technology vendors whose systems integrate with our platforms
  • Support Services: Technical support and maintenance providers operating under strict confidentiality agreements

Legal Requirements

We may disclose information when required by law, court order, or government request, including:

  • Compliance with Legal Process: Responding to subpoenas, warrants, or other legal demands
  • Law Enforcement: Cooperating with law enforcement agencies when legally required
  • National Security: Complying with national security requirements applicable to government contractors

Data Residency and Government Requirements

  • All data is stored and processed within US-based data centers to ensure compliance with government data sovereignty requirements
  • We do not transfer municipal or government data outside the United States without explicit authorization
  • Our cloud infrastructure meets federal security standards and government compliance requirements

Data Security and Protection

Technical Safeguards

  • Encryption: AES-256 encryption for data at rest and in transit using current industry standards
  • Access Controls: Role-based access controls with multi-factor authentication requirements
  • Network Security: Secure network architecture with firewalls, intrusion detection, and monitoring systems
  • Backup and Recovery: Automated backup procedures with cross-region replication and disaster recovery capabilities

Operational Safeguards

  • Employee Training: Regular privacy and security training for all personnel with access to client data
  • Background Checks: Comprehensive background investigations for employees handling sensitive government data
  • Audit Procedures: Regular security audits, penetration testing, and compliance assessments
  • Incident Response: Comprehensive incident response procedures for security breaches and data incidents

Government Security Standards

  • NIST Compliance: Implementation of NIST security controls appropriate for government contractors
  • FedRAMP Alignment: Adherence to FedRAMP security requirements for federal systems
  • Privacy Act Compliance: Full compliance with Privacy Act requirements for federal contractors
  • Continuous Monitoring: 24/7 security monitoring and threat detection capabilities

Data Retention and Deletion

Retention Periods

  • Account Information: Retained for the duration of the service agreement plus seven years for compliance purposes
  • Usage Data: Retained for two years unless longer retention is required for security or legal purposes
  • Audit Logs: Retained for seven years to meet government audit and compliance requirements
  • Municipal Data: Retained according to municipal retention schedules and legal requirements

Data Deletion

  • Client Request: Data deletion upon client request, subject to legal and contractual obligations
  • Contract Termination: Secure data deletion or return to client upon contract termination
  • Automated Deletion: Automated deletion of data beyond retention periods
  • Secure Disposal: NIST-compliant secure disposal methods for all data destruction

Your Rights and Choices

Access and Transparency

  • Data Access: Right to access personal information we maintain about you
  • Data Portability: Right to receive your data in a structured, machine-readable format
  • Processing Information: Right to understand how your data is processed and shared

Control and Correction

  • Data Correction: Right to correct inaccurate or incomplete personal information
  • Data Deletion: Right to request deletion of personal information, subject to legal limitations
  • Processing Restrictions: Right to restrict certain types of data processing

Communication Preferences

  • Opt-Out Rights: Right to opt out of non-essential communications
  • Notification Preferences: Ability to manage notification settings and communication methods
  • Marketing Communications: Right to unsubscribe from marketing communications (where applicable)

Government Contractor Obligations

As a government contractor, we maintain additional obligations and protections:

  • Privacy Act Compliance: Full compliance with Privacy Act requirements for systems of records
  • Security Clearance: Appropriate security clearances for personnel handling classified information
  • Training Requirements: Annual privacy and security training for all contractor personnel
  • Audit Rights: Government audit rights and cooperation with oversight activities
  • Data Ownership: Government retains full ownership of all government data processed through our systems

International Data Transfers

We do not transfer government or municipal data outside the United States. All data processing occurs within US-based facilities that meet government security and privacy requirements. Any international data transfers for non-government data are protected by appropriate safeguards including standard contractual clauses and adequacy decisions.

Children’s Privacy

Our services are designed for government and municipal use and are not directed toward children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected such information, we will promptly delete it.

Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, services, or legal requirements. When we make material changes, we will:

  • Advance Notice: Provide at least 30 days’ advance notice of material changes
  • Client Notification: Notify municipal clients directly of changes affecting their data
  • Website Updates: Post updated policies on our website with clear indication of changes
  • Effective Date: Clearly indicate the effective date of any policy updates

Contact Information

For questions about this Privacy Policy or our privacy practices, please contact us:

Phoenician Technology, LLC
Privacy Officer
Email: privacy@phoeniciantech.com
Phone: (385) 430-0089‬

Data Protection Inquiries:
Email: dpo@phoeniciantech.com

Security Incidents:
Email: security@phoeniciantech.com

Compliance and Regulatory Information

This Privacy Policy is designed to comply with:

  • General Data Protection Regulation (GDPR) for any EU data subjects
  • California Consumer Privacy Act (CCPA) for California residents
  • Privacy Act of 1974 for federal government data
  • Municipal Freedom of Information and Protection of Privacy Acts for municipal data
  • Federal Information Security Management Act (FISMA) for federal systems
  • Other applicable federal, state, and local privacy laws

For information about your specific rights under applicable laws or to exercise your privacy rights, please contact our Privacy Officer using the information provided above.

Document Version: 1.0
Approved By: Jared Bodily
Next Review Date: January 6, 2026

This Privacy Policy reflects Phoenician Technology’s commitment to protecting personal information while enabling effective municipal technology solutions. We continuously review and update our privacy practices to maintain the highest standards of data protection for our government and municipal clients.